Privacy policy

As the responsible party, we take the protection of your (personal) data very seriously. Below, we provide information about what data we process about you, who exactly is responsible for data processing, who you can contact if you have any questions or complaints, and what rights you have with regard to your data. In addition, we provide you with further information required by law about the various data processing activities. Please read this privacy policy carefully.

Explanation of key terms and principles

Personal data refers to individual details about the personal or factual circumstances of an identified or (with a certain amount of effort) identifiable natural person, i.e. in addition to the name, address, and telephone number, it also includes all other data that describes this person or their behavior in any way. This includes, in particular, all digital data traces that each of us leaves behind when using the Internet on the World Wide Web. This person and their data are also referred to as the data subject.

The processing of your (personal) data includes all activities from collection, storage, use, modification, transmission, or disclosure to deletion. It does not matter whether this is done electronically, i.e., by computer, or otherwise, e.g., on paper.

The specific processing of your personal data is also referred to as a processing activity. Every processing activity pursues a specific, identifiable processing purpose and requires, among other things, a specific, also identifiable legal basis; otherwise, the processing is not permitted.

The controller is the person who ultimately determines the purposes and means of processing your data. It does not matter whether the controller is a person, a company, or any other association, public authority, or similar entity. The controller may decide on the purposes and means of processing alone, jointly with others, or on behalf of a third party.

Controller

HASOMED GmbH, Paul-Ecke-Straße 1, 39114 Magdeburg
Telefon: +49 391 62 30 112, Internetseite: www.hasomed.de

Datenschutzbeauftragter

Herr Martin Uhlmann
Behta Management GmbH
Trothaer Str. 65
06118 Halle/S.
E-Mail: datenschutz@hasomed.de

In the event of violations of data protection law, you as the data subject have a legal right of appeal to the competent supervisory authority. The competent supervisory authority for us is the State Data Protection Commissioner of the Federal State of Saxony-Anhalt:

Landesbeauftragter für den Datenschutz Sachsen-Anhalt
Frau Maria Christina Rost
Otto-von-Guericke-Straße 34a,
39104 Magdeburg
poststelle@lfd.sachsen-anhalt.de

Your rights as a data subject

As of: June 27, 2025, Version: 1.0

Data processing on our website

General information

When you visit our website, various data is processed in order to analyze and improve the use of our information offering and to identify and remedy any potential weaknesses.

Server-Log-Files

When you visit our website, information is collected and stored in so-called server log files, which your browser automatically transmits to us. This includes: browser type and browser version, operating system used, referrer URL (original website from which the user accessed our website or file), host name of the accessing computer, time of the server request, and IP address.

This data is processed on the servers of our Internet service provider. This data is not merged with other data sources. This processing activity does not form the basis for automated decision-making (profiling). We reserve the right to subsequently check this data if we become aware of specific indications of illegal use.

The legal basis for data processing is our legitimate interest after weighing up all risks (see Art. 6 (1) (f) GDPR). Our interest in this regard is: publicizing our company, advertising on our own behalf, providing information about our range of services, and supporting the initiation of business contacts by publishing suitable contact options for interested parties and business partners, as well as improving the user-friendliness of our information offering.

The storage period is one year.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Cookies

Some of the web pages use cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be restricted.

Cookies that are necessary for the electronic communication process or for the provision of certain functions requested by you (e.g., shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its website. If other cookies (e.g., cookies for analyzing your surfing behavior) are stored, these are treated separately in this privacy policy.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us.

The data entered in the contact form is therefore processed exclusively on the basis of our legitimate interest for the purpose of processing the inquiry and in the event of follow-up questions (Art. 6 para. 1 lit. f GDPR).

The data you enter in the contact form will remain with us until you request us to delete it or the purpose for data storage no longer applies (e.g., after your request has been processed).

Mandatory legal provisions—in particular retention periods—remain unaffected.

Links to other websites

This website also contains links to websites of other providers to which our privacy policy does not extend. We generally have no influence on the content and compliance with data protection regulations by these providers and therefore ask you to inform yourself about the guidelines applicable there when visiting these websites.

Tools used

CleverReach

We use CleverReach, a service provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, to send our newsletter. When you subscribe to the newsletter, your email address and voluntary information (e.g., name) are collected and stored. In addition, CleverReach collects statistical data on user behavior (e.g., open and click rates, IP address, time).

The legal basis is your consent in accordance with Art. 6 (1) (a) GDPR. The data will be stored for as long as you are subscribed to the newsletter. After unsubscribing, your data will be deleted or blocked within 7 days.

Cookiebot

For the data protection-compliant management of cookies, we use Cookiebot, a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot stores your consent or refusal to use cookies and enables us to document your decision in a verifiable manner.

The following data is processed: IP address (anonymized), consent status, date and time of consent, browser information, and a random, anonymous key identifier. The legal basis is Art. 6(1)(c) GDPR (legal obligation to provide evidence in accordance with Art. 5(2) GDPR). The consent data is stored for 12 months and then automatically deleted.

Use of Google services

Specifically, the following Google services are used:

‍a) Google Analytics
Purpose:
Analysis of user behavior to improve the functionality and user-friendliness of the website.

Processed data:
- IP address (anonymized)
- Device type and operating system
- Screen resolution
- Pages visited, length of stay, scroll depth
- Source of origin (referrer URL)
- Browser information
- Location (approximate)

Storage period:
Data is stored by Google for 14 months and then automatically deleted.

b) Google Ads (including conversion tracking)
Purpose:
Displaying personalized advertising on Google and measuring the success of our campaigns through conversion tracking.

‍Processed data:
- IP address
- Interactions with ads (clicks)
- Device information
- Time and duration of visit
- Referrer and landing pages

Storage period:
Tracking data is stored for a maximum of 90 days.

c) Google Tag Manager
Purpose:
Technical integration and control of scripts and tracking tags (e.g., Analytics, Ads, Meta Pixel).
The Tag Manager itself does not process any personal data, but is used exclusively for technical organization.

Processed data:
- No own data – but control of other tools that collect personal data.

‍Storage period:
No direct storage of personal data by this tool.

‍d) YouTube (video integration)
Purpose:
Integration of videos for multimedia presentation of our content using YouTube Player in extended data protection mode.

Processed data:
- IP address
- Device type and operating system
- Referrer
- Time of playback
- Interactions with the video
- Google/YouTube account information (if logged in)

‍Storage period:
The storage period is based on Google and YouTube guidelines and depends on your activity and account links.

Vidzflow

If you use the Vidzflow system (https://www.vidzflow.com/) to embed and play videos on our websites, you consent to the processing of your personal data that is necessary for the provision and functionality of Vidzflow.

Vidzflow is a video platform for Webflow websites, operated by Woice d.o.o., based in Maribor, Slovenia, a member state of the European Union. The processing of your data by Vidzflow therefore takes place within the scope of the General Data Protection Regulation (GDPR).

The use of Vidzflow is based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR, as it enables us to ensure the technically flawless and user-friendly provision of video content. In addition, data processing is carried out within the framework of the EU-US Data Privacy Framework, which ensures an adequate standard of data protection for the transfer of personal data to processors in the US.

The following data, among other things, is processed for the playback of videos:
- User's IP address
- Device and browser information
- Usage data, such as start time, playback time, and interactions with the video player

This data is processed exclusively for the purpose of providing and optimizing the video service and is not merged with other data sources. For more information on data processing by Vidzflow, please refer to the provider's privacy policy at: https://www.vidzflow.com/privacy.

Meta Ads (Facebook Pixel)

On Instagram, we use Facebook Pixel, an analytics tool from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. With the help of this pixel, we track user actions on our website (e.g., page views, form submissions, purchases) in order to take them into account in targeted advertising campaigns (retargeting, custom audiences).

The following data is processed: IP address, device information, pages visited, referrer URL, timestamp, and meta ID (if you are logged into Facebook or Instagram).
The legal basis is your consent in accordance with Art. 6 (1) (a) GDPR. The data is stored for up to 180 days. Transfer to the US is based on the EU Standard Contractual Clauses.

Meta is an active participant in the EU-U.S. Data Privacy Framework https://www.dataprivacyframework.gov/

Webflow inkl. Formularfunktionen

We use the Webflow service provided by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA, to provide and manage our website. Webflow hosts our website content and automatically processes information such as IP address, browser type, operating system, referrer URL, time and date of access, and—in the case of form usage—the personal data entered there, such as name, email address, and message content.

Processing is based on Art. 6 (1) lit. f GDPR (legitimate interest in an appealing and functional online presence) or, when using a contact form, on Art. 6 (1) lit. b GDPR (initiation or execution of a contractual relationship).
Data transmitted via forms is encrypted and stored on servers operated by Webflow. These servers are located in the USA. An adequate level of data protection is ensured by EU standard contractual clauses. The storage period depends on the respective intended use, but is generally no longer than 6 months.

Webflow is an active participant in the EU-U.S. Data Privacy Framework https://www.dataprivacyframework.gov/

Zeeg

We use the Zeeg calendar service provided by Zeeg GmbH, Germany, to book appointments. When you make an appointment using the embedded booking tool, personal data such as your name, email address, date and time of the appointment, and, if applicable, technical data (e.g., IP address, browser type) will be processed.

The legal basis for data processing is Art. 6 (1) lit. b GDPR (contract fulfillment) and Art. 6 (1) lit. f GDPR (operational interest in the digital processing of appointments). The data is processed on European servers and automatically deleted no later than 12 months after the appointment has taken place.

General information for customers

Within the framework of a business relationship, we process personal data from customers and contact persons for the purpose of initiating, executing, and processing contracts. This includes name, company affiliation, business contact details (e.g., email address, telephone number), payment details, communication content, and contract and project data. The legal basis for this processing is Art. 6 (1) lit. b GDPR (contract fulfillment) as well as Art. 6 (1) lit. c GDPR (statutory retention obligations) and Art. 6 (1) lit. f GDPR (legitimate interest in communication and documentation). The storage period is based on the statutory retention obligations, in particular in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO), and is generally ten years.

General information for applicants

What data do we process about you? And for what purposes?

We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process.

What is the legal basis for this?

The legal basis for the processing of your personal data in this application process is primarily Art. 6 (1) lit. b) GDPR.

According to this, the processing of data that is necessary in connection with the decision to establish an employment relationship is permissible.

If the data is required for legal purposes after the application process has been completed, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular for the purposes of legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest then lies in asserting or defending claims.

If special categories of personal data within the meaning of Art. 9 GDPR are processed (e.g., health data), the legal basis is Section 26 (3) BDSG or Art. 9 (2) lit. b) GDPR in conjunction with Art. 6 (1) lit. b) GDPR.

How long is the data stored?

Data from applicants will be deleted after 6 months in the event of rejection.

If you have consented to the further storage of your personal data, we will transfer your data to our applicant pool. The data will be deleted after two years.

If you are offered a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system.

To whom is the data passed on?

We use a specialized software provider for the application process. This provider acts as a service provider for us and may also obtain knowledge of your personal data in connection with the maintenance and servicing of the systems.

We have concluded a so-called data processing agreement with this provider, which ensures that data processing is carried out in a permissible manner.

Your application data will be reviewed by the Human Resources department after we receive your application. Suitable applications will then be forwarded internally to the department managers responsible for the respective open position. The next steps will then be coordinated. Within the company, only those persons who need your data for the proper execution of our application process have access to it.

Where is the data processed?

The data is processed exclusively in data centers in the Federal Republic of Germany.

General information for employees

We process the personal data necessary for the establishment, implementation, and termination of the employment relationship. This primarily includes contact details, data on your qualifications, data from the legally required recording of working hours, and all information necessary for determining and calculating your salary and in connection with statutory contributions and taxes (e.g., social security contributions), as well as for monitoring compliance with statutory working time requirements and the minimum wage.

In addition, this may also include data relating to occupational safety, workplace integration management, and data on breaches of employment contract obligations that have been penalized (“warnings”).

We also process information about your work performance and its evaluation, which is required, for example, for the preparation of appraisals.

If you use a company pension scheme offered by us, data will also be processed in this area and, if necessary, passed on to the insurers.

Future changes to our privacy policy

To ensure that our privacy policy always complies with current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy needs to be adapted due to new or revised services, for example new services, products, or functions on the website, or other processing activities. The new privacy policy will then apply to your next visit.

Thank you for your understanding.